Add process_path_regex rule type

This commit is contained in:
srk24 2024-09-15 11:42:57 +08:00 committed by 世界
parent 06533b7a3b
commit 846777cd0c
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
15 changed files with 182 additions and 21 deletions

View file

@ -37,6 +37,7 @@ const (
ruleItemWIFISSID ruleItemWIFISSID
ruleItemWIFIBSSID ruleItemWIFIBSSID
ruleItemAdGuardDomain ruleItemAdGuardDomain
ruleItemProcessPathRegex
ruleItemFinal uint8 = 0xFF ruleItemFinal uint8 = 0xFF
) )
@ -207,6 +208,8 @@ func readDefaultRule(reader varbin.Reader, recover bool) (rule option.DefaultHea
rule.ProcessName, err = readRuleItemString(reader) rule.ProcessName, err = readRuleItemString(reader)
case ruleItemProcessPath: case ruleItemProcessPath:
rule.ProcessPath, err = readRuleItemString(reader) rule.ProcessPath, err = readRuleItemString(reader)
case ruleItemProcessPathRegex:
rule.ProcessPathRegex, err = readRuleItemString(reader)
case ruleItemPackageName: case ruleItemPackageName:
rule.PackageName, err = readRuleItemString(reader) rule.PackageName, err = readRuleItemString(reader)
case ruleItemWIFISSID: case ruleItemWIFISSID:
@ -326,6 +329,12 @@ func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, gen
return err return err
} }
} }
if len(rule.ProcessPathRegex) > 0 {
err = writeRuleItemString(writer, ruleItemProcessPathRegex, rule.ProcessPathRegex)
if err != nil {
return err
}
}
if len(rule.PackageName) > 0 { if len(rule.PackageName) > 0 {
err = writeRuleItemString(writer, ruleItemPackageName, rule.PackageName) err = writeRuleItemString(writer, ruleItemPackageName, rule.PackageName)
if err != nil { if err != nil {

View file

@ -40,6 +40,7 @@ SFA provides an unprivileged TUN implementation through Android VpnService.
|-----------------------|------------------|-----------------------------------| |-----------------------|------------------|-----------------------------------|
| `process_name` | :material-close: | No permission | | `process_name` | :material-close: | No permission |
| `process_path` | :material-close: | No permission | | `process_path` | :material-close: | No permission |
| `process_path_regex` | :material-close: | No permission |
| `package_name` | :material-check: | / | | `package_name` | :material-check: | / |
| `user` | :material-close: | Use `package_name` instead | | `user` | :material-close: | Use `package_name` instead |
| `user_id` | :material-close: | Use `package_name` instead | | `user_id` | :material-close: | Use `package_name` instead |

View file

@ -42,6 +42,7 @@ SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension
|-----------------------|------------------|-----------------------| |-----------------------|------------------|-----------------------|
| `process_name` | :material-close: | No permission | | `process_name` | :material-close: | No permission |
| `process_path` | :material-close: | No permission | | `process_path` | :material-close: | No permission |
| `process_path_regex` | :material-close: | No permission |
| `package_name` | :material-close: | / | | `package_name` | :material-close: | / |
| `user` | :material-close: | No permission | | `user` | :material-close: | No permission |
| `user_id` | :material-close: | No permission | | `user_id` | :material-close: | No permission |

View file

@ -6,7 +6,8 @@ icon: material/new-box
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
:material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source) :material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source)
:material-plus: [rule_set_ip_cidr_accept_empty](#rule_set_ip_cidr_accept_empty) :material-plus: [rule_set_ip_cidr_accept_empty](#rule_set_ip_cidr_accept_empty)
:material-plus: [process_path_regex](#process_path_regex)
!!! quote "Changes in sing-box 1.9.0" !!! quote "Changes in sing-box 1.9.0"
@ -103,6 +104,9 @@ icon: material/new-box
"process_path": [ "process_path": [
"/usr/bin/curl" "/usr/bin/curl"
], ],
"process_path_regex": [
"^/usr/bin/.+"
],
"package_name": [ "package_name": [
"com.termux" "com.termux"
], ],
@ -268,6 +272,16 @@ Match process name.
Match process path. Match process path.
#### process_path_regex
!!! question "Since sing-box 1.10.0"
!!! quote ""
Only supported on Linux, Windows, and macOS.
Match process path using regular expression.
#### package_name #### package_name
Match android package name. Match android package name.

View file

@ -6,7 +6,8 @@ icon: material/new-box
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
:material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source) :material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source)
:material-plus: [rule_set_ip_cidr_accept_empty](#rule_set_ip_cidr_accept_empty) :material-plus: [rule_set_ip_cidr_accept_empty](#rule_set_ip_cidr_accept_empty)
:material-plus: [process_path_regex](#process_path_regex)
!!! quote "sing-box 1.9.0 中的更改" !!! quote "sing-box 1.9.0 中的更改"
@ -103,6 +104,9 @@ icon: material/new-box
"process_path": [ "process_path": [
"/usr/bin/curl" "/usr/bin/curl"
], ],
"process_path_regex": [
"^/usr/bin/.+"
],
"package_name": [ "package_name": [
"com.termux" "com.termux"
], ],
@ -266,6 +270,16 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
匹配进程路径。 匹配进程路径。
#### process_path_regex
!!! question "自 sing-box 1.10.0 起"
!!! quote ""
仅支持 Linux、Windows 和 macOS.
使用正则表达式匹配进程路径。
#### package_name #### package_name
匹配 Android 应用包名。 匹配 Android 应用包名。

View file

@ -7,6 +7,7 @@ icon: material/alert-decagram
:material-plus: [client](#client) :material-plus: [client](#client)
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
:material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source) :material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source)
:material-plus: [process_path_regex](#process_path_regex)
!!! quote "Changes in sing-box 1.8.0" !!! quote "Changes in sing-box 1.8.0"
@ -101,6 +102,9 @@ icon: material/alert-decagram
"process_path": [ "process_path": [
"/usr/bin/curl" "/usr/bin/curl"
], ],
"process_path_regex": [
"^/usr/bin/.+"
],
"package_name": [ "package_name": [
"com.termux" "com.termux"
], ],
@ -277,6 +281,16 @@ Match process name.
Match process path. Match process path.
#### process_path_regex
!!! question "Since sing-box 1.10.0"
!!! quote ""
Only supported on Linux, Windows, and macOS.
Match process path using regular expression.
#### package_name #### package_name
Match android package name. Match android package name.

View file

@ -6,7 +6,8 @@ icon: material/alert-decagram
:material-plus: [client](#client) :material-plus: [client](#client)
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
:material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source) :material-plus: [process_path_regex](#process_path_regex)
!!! quote "sing-box 1.8.0 中的更改" !!! quote "sing-box 1.8.0 中的更改"
@ -99,6 +100,9 @@ icon: material/alert-decagram
"process_path": [ "process_path": [
"/usr/bin/curl" "/usr/bin/curl"
], ],
"process_path_regex": [
"^/usr/bin/.+"
],
"package_name": [ "package_name": [
"com.termux" "com.termux"
], ],
@ -275,6 +279,16 @@ icon: material/alert-decagram
匹配进程路径。 匹配进程路径。
#### process_path_regex
!!! question "自 sing-box 1.10.0 起"
!!! quote ""
仅支持 Linux、Windows 和 macOS.
使用正则表达式匹配进程路径。
#### package_name #### package_name
匹配 Android 应用包名。 匹配 Android 应用包名。

View file

@ -57,6 +57,9 @@
"process_path": [ "process_path": [
"/usr/bin/curl" "/usr/bin/curl"
], ],
"process_path_regex": [
"^/usr/bin/.+"
],
"package_name": [ "package_name": [
"com.termux" "com.termux"
], ],
@ -160,6 +163,16 @@ Match process name.
Match process path. Match process path.
#### process_path_regex
!!! question "Since sing-box 1.10.0"
!!! quote ""
Only supported on Linux, Windows, and macOS.
Match process path using regular expression.
#### package_name #### package_name
Match android package name. Match android package name.

View file

@ -88,6 +88,7 @@ type _DefaultRule struct {
PortRange Listable[string] `json:"port_range,omitempty"` PortRange Listable[string] `json:"port_range,omitempty"`
ProcessName Listable[string] `json:"process_name,omitempty"` ProcessName Listable[string] `json:"process_name,omitempty"`
ProcessPath Listable[string] `json:"process_path,omitempty"` ProcessPath Listable[string] `json:"process_path,omitempty"`
ProcessPathRegex Listable[string] `json:"process_path_regex,omitempty"`
PackageName Listable[string] `json:"package_name,omitempty"` PackageName Listable[string] `json:"package_name,omitempty"`
User Listable[string] `json:"user,omitempty"` User Listable[string] `json:"user,omitempty"`
UserID Listable[int32] `json:"user_id,omitempty"` UserID Listable[int32] `json:"user_id,omitempty"`

View file

@ -88,6 +88,7 @@ type _DefaultDNSRule struct {
PortRange Listable[string] `json:"port_range,omitempty"` PortRange Listable[string] `json:"port_range,omitempty"`
ProcessName Listable[string] `json:"process_name,omitempty"` ProcessName Listable[string] `json:"process_name,omitempty"`
ProcessPath Listable[string] `json:"process_path,omitempty"` ProcessPath Listable[string] `json:"process_path,omitempty"`
ProcessPathRegex Listable[string] `json:"process_path_regex,omitempty"`
PackageName Listable[string] `json:"package_name,omitempty"` PackageName Listable[string] `json:"package_name,omitempty"`
User Listable[string] `json:"user,omitempty"` User Listable[string] `json:"user,omitempty"`
UserID Listable[int32] `json:"user_id,omitempty"` UserID Listable[int32] `json:"user_id,omitempty"`

View file

@ -144,24 +144,25 @@ func (r HeadlessRule) IsValid() bool {
} }
type DefaultHeadlessRule struct { type DefaultHeadlessRule struct {
QueryType Listable[DNSQueryType] `json:"query_type,omitempty"` QueryType Listable[DNSQueryType] `json:"query_type,omitempty"`
Network Listable[string] `json:"network,omitempty"` Network Listable[string] `json:"network,omitempty"`
Domain Listable[string] `json:"domain,omitempty"` Domain Listable[string] `json:"domain,omitempty"`
DomainSuffix Listable[string] `json:"domain_suffix,omitempty"` DomainSuffix Listable[string] `json:"domain_suffix,omitempty"`
DomainKeyword Listable[string] `json:"domain_keyword,omitempty"` DomainKeyword Listable[string] `json:"domain_keyword,omitempty"`
DomainRegex Listable[string] `json:"domain_regex,omitempty"` DomainRegex Listable[string] `json:"domain_regex,omitempty"`
SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"` SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"`
IPCIDR Listable[string] `json:"ip_cidr,omitempty"` IPCIDR Listable[string] `json:"ip_cidr,omitempty"`
SourcePort Listable[uint16] `json:"source_port,omitempty"` SourcePort Listable[uint16] `json:"source_port,omitempty"`
SourcePortRange Listable[string] `json:"source_port_range,omitempty"` SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
Port Listable[uint16] `json:"port,omitempty"` Port Listable[uint16] `json:"port,omitempty"`
PortRange Listable[string] `json:"port_range,omitempty"` PortRange Listable[string] `json:"port_range,omitempty"`
ProcessName Listable[string] `json:"process_name,omitempty"` ProcessName Listable[string] `json:"process_name,omitempty"`
ProcessPath Listable[string] `json:"process_path,omitempty"` ProcessPath Listable[string] `json:"process_path,omitempty"`
PackageName Listable[string] `json:"package_name,omitempty"` ProcessPathRegex Listable[string] `json:"process_path_regex,omitempty"`
WIFISSID Listable[string] `json:"wifi_ssid,omitempty"` PackageName Listable[string] `json:"package_name,omitempty"`
WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"` WIFISSID Listable[string] `json:"wifi_ssid,omitempty"`
Invert bool `json:"invert,omitempty"` WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"`
Invert bool `json:"invert,omitempty"`
DomainMatcher *domain.Matcher `json:"-"` DomainMatcher *domain.Matcher `json:"-"`
SourceIPSet *netipx.IPSet `json:"-"` SourceIPSet *netipx.IPSet `json:"-"`

View file

@ -179,6 +179,14 @@ func NewDefaultRule(router adapter.Router, logger log.ContextLogger, options opt
rule.items = append(rule.items, item) rule.items = append(rule.items, item)
rule.allItems = append(rule.allItems, item) rule.allItems = append(rule.allItems, item)
} }
if len(options.ProcessPathRegex) > 0 {
item, err := NewProcessPathRegexItem(options.ProcessPathRegex)
if err != nil {
return nil, E.Cause(err, "process_path_regex")
}
rule.items = append(rule.items, item)
rule.allItems = append(rule.allItems, item)
}
if len(options.PackageName) > 0 { if len(options.PackageName) > 0 {
item := NewPackageNameItem(options.PackageName) item := NewPackageNameItem(options.PackageName)
rule.items = append(rule.items, item) rule.items = append(rule.items, item)

View file

@ -183,6 +183,14 @@ func NewDefaultDNSRule(router adapter.Router, logger log.ContextLogger, options
rule.items = append(rule.items, item) rule.items = append(rule.items, item)
rule.allItems = append(rule.allItems, item) rule.allItems = append(rule.allItems, item)
} }
if len(options.ProcessPathRegex) > 0 {
item, err := NewProcessPathRegexItem(options.ProcessPathRegex)
if err != nil {
return nil, E.Cause(err, "process_path_regex")
}
rule.items = append(rule.items, item)
rule.allItems = append(rule.allItems, item)
}
if len(options.PackageName) > 0 { if len(options.PackageName) > 0 {
item := NewPackageNameItem(options.PackageName) item := NewPackageNameItem(options.PackageName)
rule.items = append(rule.items, item) rule.items = append(rule.items, item)

View file

@ -123,6 +123,14 @@ func NewDefaultHeadlessRule(router adapter.Router, options option.DefaultHeadles
rule.items = append(rule.items, item) rule.items = append(rule.items, item)
rule.allItems = append(rule.allItems, item) rule.allItems = append(rule.allItems, item)
} }
if len(options.ProcessPathRegex) > 0 {
item, err := NewProcessPathRegexItem(options.ProcessPathRegex)
if err != nil {
return nil, E.Cause(err, "process_path_regex")
}
rule.items = append(rule.items, item)
rule.allItems = append(rule.allItems, item)
}
if len(options.PackageName) > 0 { if len(options.PackageName) > 0 {
item := NewPackageNameItem(options.PackageName) item := NewPackageNameItem(options.PackageName)
rule.items = append(rule.items, item) rule.items = append(rule.items, item)

View file

@ -0,0 +1,54 @@
package route
import (
"regexp"
"strings"
"github.com/sagernet/sing-box/adapter"
E "github.com/sagernet/sing/common/exceptions"
F "github.com/sagernet/sing/common/format"
)
var _ RuleItem = (*ProcessPathRegexItem)(nil)
type ProcessPathRegexItem struct {
matchers []*regexp.Regexp
description string
}
func NewProcessPathRegexItem(expressions []string) (*ProcessPathRegexItem, error) {
matchers := make([]*regexp.Regexp, 0, len(expressions))
for i, regex := range expressions {
matcher, err := regexp.Compile(regex)
if err != nil {
return nil, E.Cause(err, "parse expression ", i)
}
matchers = append(matchers, matcher)
}
description := "process_path_regex="
eLen := len(expressions)
if eLen == 1 {
description += expressions[0]
} else if eLen > 3 {
description += F.ToString("[", strings.Join(expressions[:3], " "), "]")
} else {
description += F.ToString("[", strings.Join(expressions, " "), "]")
}
return &ProcessPathRegexItem{matchers, description}, nil
}
func (r *ProcessPathRegexItem) Match(metadata *adapter.InboundContext) bool {
if metadata.ProcessInfo == nil || metadata.ProcessInfo.ProcessPath == "" {
return false
}
for _, matcher := range r.matchers {
if matcher.MatchString(metadata.ProcessInfo.ProcessPath) {
return true
}
}
return false
}
func (r *ProcessPathRegexItem) String() string {
return r.description
}